[exim] if you use openssl v3+ with exim

Author: Cyborg
Date:
To: exim-users
Subject: [exim] if you use openssl v3+ with exim

Hi all,

since Fedora switched to openssl 3 (3.0.5 atm) we encounter these messages:

TLS session: (SSL_connect): error:0A000152:SSL routines::unsafe legacy
renegotiation disabled

This is connected to a 2009 CVE against common SSL libs (nss, openssl
etc.) using an insecure form of handshake.

All faulty external mail servers have in common that they are not
up to date, as they at least do not offer TLS 1.3 encryption.
One was even TLS 1.0 only ..

The question "if OpenSSL 3 is buggy or not" is under investigation atm. 
There is a workaround for the issue, but it involves introducing MITM
attack vectors and we don't want this, do we? :) (if you need to know
throw me a mail).

best regards,
Marius
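
Added example, not part of the original post and not Exim or OpenSSL code: the error quoted above is raised when a TLS 1.2-or-earlier peer's ServerHello lacks the RFC 5746 `renegotiation_info` extension, which is the fix for the 2009 renegotiation flaw. The Python sketch below checks one captured, unfragmented ServerHello record for that extension; the function names and both sample records are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def server_hello_extensions(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello; return {ext_type: data}."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or rec_len < 4 or len(body) != rec_len or body[0] != 2:
        raise ValueError("not a complete ServerHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:  # version, random, sid length, suite, compression
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                       # skip server_version and random
    pos += 1 + hello[pos] + 2 + 1      # session_id, cipher_suite, compression
    if pos > len(hello):
        raise ValueError("session_id overruns ServerHello")
    exts = {}
    if pos == len(hello):              # old-style hello with no extensions
        return exts
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end <= len(hello):
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        exts[etype] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    if pos != end:
        raise ValueError("malformed extensions block")
    return exts

def supports_secure_renegotiation(record: bytes) -> bool:
    # Applies to TLS 1.2 and earlier. In an initial handshake an RFC 5746
    # server sends renegotiation_info holding only the length byte 0x00.
    return server_hello_extensions(record).get(RENEGOTIATION_INFO) == b"\x00"

def _sample_hello(version: bytes, ext_block: bytes) -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = version + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00" + ext_block
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + version + len(hs).to_bytes(2, "big") + hs

# Constructed samples: a TLS 1.2 server with RFC 5746 support, and a
# TLS 1.0-only server that sends no extensions at all.
PATCHED = _sample_hello(b"\x03\x03", b"\x00\x05\xff\x01\x00\x01\x00")
LEGACY = _sample_hello(b"\x03\x01", b"")
```

A peer for which `supports_secure_renegotiation` returns `False` is one that would produce the log line above on an OpenSSL 3 client with default settings.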